Summary: The Lotus Panda cyber espionage group has been linked to a campaign against a range of organizations in Southeast Asia that used custom tools for intrusion. Key targets include a government ministry, telecommunications entities, and a news agency. The group has a history of attacks in the region dating back to at least 2009 and employs sophisticated techniques, including sideloading malicious payloads through legitimate executables.
Affected: Multiple organizations in Southeast Asia (government, telecommunications, media, and construction sectors)
Keypoints:
- Attacks on various organizations between August 2024 and February 2025 have been attributed to Lotus Panda.
- The campaign involved advanced tools: loaders, credential stealers, and a reverse SSH tool.
- Previous activities include targeting military and government sectors in countries like the Philippines, Vietnam, Hong Kong, and Taiwan.
- The latest attack leveraged legitimate binaries from Trend Micro and Bitdefender to deploy malicious payloads.
- A new version of the Sagerunex tool was used for data harvesting and exfiltration of sensitive information.
Source: https://thehackernews.com/2025/04/lotus-panda-hacks-se-asian-governments.html